A quick look of the third scan I ran (credentials with deprecated Firefox), which shows how many critical and high vulnerabilities the Virtual Machine is facing. This is why vulnerability management is important. Without it, your business can easily be exposed to threats.
This is how my first project started. Nothing but a frozen screen... I had spent the last 5 hours trying everything to make it work:
- Turning my laptop on and off
- Close and restart the Virtual Machine Again
The only thing I did not want to do was to reinstall the VM (Virtual Machine) because all the data would have been erased and I would have to start all over again, which is something I wanted to keep as my last resort.
Quote of the Day
“It is only when they go wrong that machines remind you how powerful they are." - Clive James
Actions
After rebooting and starting, I took a break and decide to postpone my project to the next day. Tried again to turn it in, but notice that maybe the issue does not come from the software but the computer itself. It indeed works fine the week before, but the Virtual machine was still running slow. When I tried a couple of days ago, the computer could barely function. My goal was to finish the project instead of trying to wipe all the memory and application on my computer, which would have taken another day to function. I decided to outsource and when to my brother, asking if I could utilize his computer. He had school work to finish and deadlines to meet, while I had a project that I wanted to finish.
We came into an accord that whenever my brother was taking a break, I would hope in reinstalling all the software to start on my project again, hoping that this time. Everything will go smoothly. We rotated like that for a couple of days. To my surprise, my brother's computer handle the Virtual Machine and Nessus scanner very well. My brother and I worked together and figure out that the Hard Disk Drive (HDD) has been the issue all along. It was getting old and could not handle as much as it did back then, even after we clean it up at multiple reprises. At the end of the day, I was able to finish my vulnerability scanner and we figure out what the issue was for the old laptop. We could have discarded the old laptop but decided to change the old HDD to a new SSD (Solid States Drive) to allow the computer to retrieve data faster and give it a second chance.
What is the Project About
Process: Use Nessus (a web application) to set up a Window credential vulnerability scanner to detect the different types of vulnerability (critical, high, medium, low, or info) the Virtual Machine and learn how to remediate them
Purpose: Understanding the importance of vulnerability scaners and why they play a big role in businesses
Steps:
Download Virtual Machine (VMWare)
Download Window 10 ISO (Operation System)
Sign Up and Install Nessus (Vulnerability Scanner)
Create an admin window account on the VM
Deactivate Window Firewalls to experiment and allow Nessus to fully access the VM: The reason why you want to use a VM instead of your own computer)
Connect your VM to Nessus
Set Up Nessus to scan your computer
7.1 Experiment 1: Scan Vulnerability WITHOUT Credentials
Vulnerability Result: (10%) Medium and (90%) Info
7.3 Experiment 1: Scan Vulnerability WITH Credentials
Vulnerability Result: (5%) Critical, (5%) Medium, and (90%) Info
7.4 Experiment 1: Scan Vulnerability WITH Credentials AND Deprecated Firefox
Vulnerability Result: (25%) Critical, (25%) High, (15%) Medium, (and (45%) Info
What I learned: Skills & Knowledge
After experimenting with different scan scenarios, I learned that updating your software and keeping them at the latest version is extremely important to protect your computer and personal data.
In the first vulnerability scan, without giving Nessus the ability the fully get access to the computer data, the scan could only find medium treat and information. Medium threats are generally discarded in a big organization since there are more important vulnerabilities that take precedent.
In the second scan, after giving Nessus the credentials and allowing it to fully access the computer, more results were found such as high vulnerabilities, which mostly comes from the fact that all the Windows updates were not implemented yet.
In the third scan, where I installed a deprecated Firefox (old version of Firefox), there were a lot more vulnerabilities found such as critical and high levels. This comes from the fact that Firefox's deprecated version was not up to date.
Lastly, to remediate all these critical and high levels of vulnerabilities, what I did is deinstall Firefox and update my Windows system. Below were the results given after the deinstall and updates:
No more critical and high vulnerabilities!
Overall, I learned that it is fundamental for businesses to keep their software up to date when they can to prevent the third scenario/experiment where their data could easily be stolen. Running a regular vulnerability scan would prevent businesses from putting their data at risk. The process overall is simple; however, when there is more than one computer and people to work with, coordinating all of this becomes challenging.
Comments